Blog Archive

David Larrea

•

5 min read

Microsoft Conditional Access: How to Enforce It with Certificates

Organizations can use a variety of signals when making decisions about allowing access to enterprise resources. Relying solely on authentication via password isn’t enough: According to data from Webtribunal, 50 percent of people use the same password across different accounts, and 51 percent use the same password for their personal and work accounts. Multifactor authentication (MFA) is often used as another layer of security, but even that doesn’t eliminate risk exposure.

Recent News July 27, 2022

Iru Team

•

4 min read

AD CS Integration Empowers Apple Admins Who Rely on Active Directory

One common way to authenticate a user’s identity is with username and password credentials. Another, especially in enterprise environments, is with Public Key Infrastructure (PKI) certificates (also known simply as digital certificates).

Product Update July 20, 2022

Iru Team

•

1 min read

User-Facing Text Now Follows Local Language Settings

For Apple IT teams whose end-users speak languages other than English, Kandji now supports localized languages in the macOS menu bar item, in the Self Service app (for macOS, iOS, and iPadOS), and in the Kandji Migration Agent.

Product Update July 11, 2022

Mike Boylan

•

7 min read

Behind the Curtain: Managing Software Updates with MDM

Over the past several years, Apple has made a number of deep platform changes to both macOS and Mac hardware that have resulted in enormous shifts in how Mac computers are deployed and managed.

Recent News July 1, 2022

Iru Team

•

3 min read

New Kandji Connector with Okta Workflows Enables No-Code Automations

In Apple device management, automation is everything. The more of your work that you can automate via scripts, APIs, and other tools, the less you have to do manually and the more time you have for other, more strategic projects. Kandji customers now have another powerful automation tool, in the form of Okta Workflows.

Product Update June 22, 2022

Caleb Basinger

•

8 min read

iPad as Primary Work Device: Why Apple Admins Should Support It

For many years, if employees were given a choice in the kind of digital device they’d use for work, it was usually a binary one: Mac or PC. But IT teams now frequently get requests for a third option: iPad.

Recent News June 17, 2022

Caleb Basinger

•

7 min read

WWDC 2022: The Top 10 Announcements for Apple Admins

Last week’s WWDC included nearly 200 sessions. Most of them focused on topics of interest primarily to developers (rightly enough), but many had announcements of interest to Apple admins as well. If you weren’t able to virtually attend, or if you missed some sessions that sounded interesting, not to worry: Here are the 10 announcements we think were of greatest relevance to those who manage Apple devices.

Recent News June 14, 2022

Iru Team

•

5 min read

WWDC 2022: Apple Advances Declarative Device Management

Last year, at WWDC 2021, Apple introduced a new concept for Apple admins: Dubbed declarative device management (a.k.a. declarative MDM), it was an evolutionary advance of the MDM protocol. The declarative model is designed to push much of the management down to the device itself. Instead of a server polling a device for its status and issuing commands to it (as happens with the current MDM protocol), declarative device management lets the device react to its own state changes by applying management on its own. This year, at WWDC 2022, Apple announced an expansive update to declarative MDM: Where the original iteration worked only on iOS and iPadOS devices with user enrollment, it will now work on all Apple platforms, including Mac and Apple TV, and with all enrollment types. It also added new status reports and improved syntax for rules that define how a device is to be managed.

Recent News June 10, 2022

Iru Team

•

2 min read

Updated Wi-Fi Library Item Enhances Support for Enterprise Security

As workers return to the office, managing their access to company Wi-Fi is once again top-of-mind for many Mac admins. It’s been top of mind for Kandji, too: We’ve updated and expanded our Wi-Fi Library Item to better support enterprise networking—in particular the many authentication protocols those networks use.

Product Update June 9, 2022

Iru Team

•

4 min read

WWDC 2022: How Apple Plans to Make True Single Sign-On a Reality

For Mac admins, single sign-on (SSO) sounds like a great idea. In that ideal world, a user would turn on their Mac computer, sign in with their credentials, and then—with that one sign-in—have access to everything: their local user account; apps on their device; resources you provide on the local network; and apps and services that reside in the cloud. So far, though, that ideal has remained out of reach. The user still has to sign in first to a local account, then again to apps and services. SSO services such as Okta and OneLogin make that easier, by providing a single login for cloud-based resources. But true single sign-on isn’t here yet.

Recent News June 8, 2022

Iru Team

•

1 min read

Create Multiple Instances of Auto Apps and Managed OSes

Kandji makes it simple to configure and deliver applications and operating systems to end-user devices. You just select the appropriate Auto App or Managed OS Library Item, set it up the way you want, then assign it to a Blueprint. Any device assigned to that Blueprint will then get the software you want, the way you want it.

Product Update June 1, 2022

David Larrea

•

6 min read

Certificates and Device Management: A Guide for Mac Admins

On the Internet, nobody knows who you are–only who you say you are. Our digital interactions happen on servers and devices, with people we may never see in person. So how do we know that the websites and services we connect to online are legit? How do we know that the emails, texts, and other transmissions we receive are indeed what their senders sent? How does an organization know that the user or device trying to authenticate into an enterprise resource really is that user or device? In the digital world, certificates are widely used to establish these and other forms of trust. Here’s an overview of how they work and how they’re used in the enterprise.

Recent News May 27, 2022

Iru Team

•

2 min read

New Recovery Password Library Item Thwarts Unauthorized Startups

Kandji's new Recovery Password Library Item allows you to configure and apply recovery passwords (to Mac computers with Apple silicon) and EFI firmware passwords (for Intel-based Mac computers), in order to protect against unauthorized startup commands.

Product Update May 9, 2022

Iru Team

•

1 min read

PacketFence Integration with Kandji Bolsters Network Security

Kandji now integrates with PacketFence, the free, open-source network access control (NAC) solution that allows admins to effectively secure networks of all sizes. The integration ensures that the Kandji Agent is installed properly on devices and that those devices are then accessing the network securely.

Product Update April 21, 2022

Iru Team

•

5 min read

How Mac Admins Are Managing the Hybrid Workplace

Two years ago, IT departments all over the world got a crash course in managing remote workforces. Mac admins had to quickly figure out how to keep employees equipped, connected, and secure, regardless of where they were physically located. Last year, many organizations that had made the switch to remote started to cautiously reopen, allowing (or, in some cases, requiring) workers to come into the office at least part of the time. That reopening waxed and waned through 2021, as conditions allowed. But in the meantime, a new kind of office evolved: the hybrid workplace, in which some employees worked remotely, some worked in the office, and many did a bit of both. In the course of that evolution, what was once a temporary expedient became a new way of doing business—thanks in no small part to the adaptability of IT.

Recent News April 15, 2022